
FACEBOOK 116.204.141.41

YOUTUBE 116.204.141.45

INTERNET 116.204.141.38/30
116.204.142.122/30
116.204.141.233/29

BDIX 10.210.210.34/30

Ggc 45.127.244.128/28
103.196.232.128/26
45.127.244.128
45.127.244.128

rdn-salma17.123

4400 01719089465

309084653

# Physical ports. ether1 and ether3 carry the two DSL uplinks (the PPPoE
# clients below run on them); ether2, ether4 and ether5 are LAN ports that are
# enslaved to "bridge" in /interface bridge port. ether1 and ether2 are set to
# mtu=1492.
/interface ethernet
set [ find default-name=ether1 ] comment="ALL ETHERNET" mtu=1492 name=\
"ether1-gateway DSL 1"
set [ find default-name=ether2 ] mtu=1492 name=ether2-master-local
set [ find default-name=ether3 ] name="ether3-slave-local DSL 2"
# PoE output explicitly off on the "BASE HOUSE" port.
set [ find default-name=ether4 ] name="ether4-slave-local BASE HOUSE" \
poe-out=off
set [ find default-name=ether5 ] name=ether5-slave-local
# PPPoE uplinks over the two DSL ports. Both install a default route; ISP2
# uses distance 2 so it only carries traffic when ISP1's route is gone
# (failover is driven by check-gateway=ping in /ip route; the PCC split uses
# the to_ISP1/to_ISP2 routing marks from /ip firewall mangle).
# NOTE(review): allow=pap on ISP1 limits the client to PAP, so the ISP
# password crosses the DSL link in clear text; keep CHAP/MS-CHAPv2 allowed
# unless the provider really requires PAP. The user= values look redacted
# ("HIDDEN") in this export.
/interface pppoe-client
add add-default-route=yes allow=pap comment="DSL CONNECTIONS" disabled=no \
interface="ether1-gateway DSL 1" keepalive-timeout=60 max-mru=1400 \
max-mtu=1400 mrru=1600 name=ISP1 user=HIDDEN
add add-default-route=yes default-route-distance=2 disabled=no interface=\
"ether3-slave-local DSL 2" name=ISP2 user=HIDDEN
# Address pools, all inside 192.168.88.0/24.
#   dhcp   .10-.40   used by /ip dhcp-server "default"
#   PPPoE  .100-.200 referenced by the default /ppp profile (local-address)
#   pool1  .50-.100  not referenced anywhere in this export
# NOTE(review): pool1 overlaps PPPoE at .100 and covers the static leases
# .50/.60/.70 in /ip dhcp-server lease. Harmless while pool1 is unused, but
# shrink it to .50-.99 (or delete it) before assigning it to anything.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.40
add name=PPPoE ranges=192.168.88.100-192.168.88.200
add name=pool1 ranges=192.168.88.50-192.168.88.100
# DHCP server on the LAN bridge, handing out the "dhcp" pool (.10-.40).
# NOTE(review): authoritative=after-2sec-delay rather than yes; with yes the
# server answers unknown requests immediately, so a second (rogue) DHCP
# server on the bridge cannot win the race. Consider authoritative=yes.
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge name=default
# PPP profiles (*0 is normally "default", *FFFFFFFE "default-encryption").
# DNS handed to PPP clients is the router itself (192.168.88.2).
# NOTE(review): use-encryption=no on both profiles means no MPPE is required
# for PPP sessions; together with authentication=pap on the PPPoE server
# (below) subscriber passwords and session traffic cross the bridge in clear.
/ppp profile
set *0 dns-server=192.168.88.2 local-address=PPPoE use-encryption=no
set *FFFFFFFE use-encryption=no
# Queue tree attached to the bridge. The packet marks are produced in
# /ip firewall mangle (streaming-video-out, http-out).
# NOTE(review): no rule in this export sets connection-mark=streaming-video,
# so queue1 only ever sees traffic if that mark is applied elsewhere.
/queue tree
add limit-at=5M max-limit=5M name=queue1 packet-mark=streaming-video-out \
parent=bridge priority=5
# HTTP: 7M guaranteed, 10M ceiling, 5 s burst window.
add burst-time=5s limit-at=7M max-limit=10M name=HTTP packet-mark=http-out \
parent=bridge queue=hotspot-default
# NOTE(review): the default SNMP community is allowed from 0.0.0.0/0. The
# input chain has no active final drop ("Drop anything else!" is disabled),
# so if SNMP is enabled the community is queryable from the DSL uplinks.
# Limit it to the management subnet, e.g. addresses=192.168.88.0/24, and use
# a non-default community name.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# User Manager: the built-in "admin" customer may manage its own routers,
# users, profiles and limits and configure the payment gateway.
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
# LAN bridge membership: ether2, ether4 and ether5. The DSL ports (ether1,
# ether3) stay routed.
/interface bridge port
add bridge=bridge interface=ether5-slave-local
add bridge=bridge interface=ether2-master-local
add bridge=bridge interface="ether4-slave-local BASE HOUSE"
# PPPoE access concentrator for subscribers on the LAN bridge; one session
# per MAC. MTU/MRU 1360 leave headroom under the 1400-byte uplinks.
# NOTE(review): authentication=pap is the only method offered, so subscriber
# passwords travel in clear text on the bridge; offer chap/mschap2 where the
# client equipment supports them.
/interface pppoe-server server
add authentication=pap disabled=no interface=bridge max-mru=1360 max-mtu=1360 \
mrru=1600 one-session-per-host=yes service-name=Internet
# Router addresses. 192.168.88.2/24 on the bridge is the LAN gateway and DNS
# (see /ip dhcp-server network). 10.0.0.2 on ether1 is presumably for the
# DSL modem's management address (not shown here).
# NOTE(review): 192.168.88.4 is placed on ether4, which is a bridge slave
# (/interface bridge port), and its network= is the host address itself.
# RouterOS flags addresses on enslaved ports as invalid, so this looks like a
# leftover - confirm it is still wanted.
/ip address
add address=192.168.88.2/24 interface=bridge network=192.168.88.0
add address=10.0.0.2 interface="ether1-gateway DSL 1" network=10.0.0.0
add address=192.168.88.4 interface="ether4-slave-local BASE HOUSE" network=\
192.168.88.4
# DHCP clients on the raw DSL ports (modem-side addressing). They do not add
# a default route; the defaults come from the PPPoE clients.
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface="ether1-gateway DSL 1"
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface="ether3-slave-local DSL 2"
# Static leases. All three sit outside the dynamic "dhcp" pool (.10-.40), so
# they cannot collide with dynamic assignments. The first is bound to a
# client-id as well as a MAC.
/ip dhcp-server lease
add address=192.168.88.50 client-id=HOME mac-address=C8:3A:35:F3:7E:91
add address=192.168.88.60 mac-address=C4:E9:84:71:27:C3
add address=192.168.88.70 mac-address=F4:F2:6D:BB:11:96
# DHCP options for the LAN: gateway and DNS are both the router (192.168.88.2).
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.2 gateway=192.168.88.2 netmask=24
# Router DNS resolver, forwarding to Google public DNS.
# NOTE(review): allow-remote-requests=yes makes the router answer queries for
# anyone who can reach UDP/TCP 53 on it. The "Accept DNS - UDP/TCP" filter
# rules accept port 53 from any source and the input chain's final drop is
# disabled, so this is an open resolver on the DSL uplinks (DNS amplification
# abuse risk). Restrict those accepts to the bridge and the PPPoE subscriber
# interfaces, or drop 53 arriving from ISP1/ISP2.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# Address lists. "bogons" feeds the forward-chain "Drop to bogon list" rule
# (traffic towards reserved/private destinations); the 192.168.0.0/16 entry
# is disabled because the LAN itself lives there. "internal-nets" is the LAN
# and drives most of the mangle marking.
# NOTE(review): 10.0.0.0/8 is enabled, so LAN hosts cannot reach the DSL
# modem at 10.0.0.x through the router (only the router itself can, via its
# 10.0.0.2 address) - intended?
# NOTE(review): lists referenced elsewhere but with no entries in this export:
# support (filter WinBox fence and "Full access" accept), spammers (filter;
# only the script1 rule set populates it), customer-servers, external-nets and
# forever-saken-game (mangle). Rules matching on an empty list never fire, and
# src-address-list=!support matches everyone.
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
\_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
list=bogons
# The LAN; used as src/dst match throughout /ip firewall mangle.
add address=192.168.88.0/24 comment="Internal Subnet" list=internal-nets
# Filter rules. Order matters: rules are evaluated top to bottom per chain.
# NOTE(review): the terminal "Drop anything else!" rule at the end is
# disabled, so the input chain is default-accept - see the note on it.
/ip firewall filter
# SYN-flood heuristic: a source holding more than 30 TCP connections (per /32)
# is listed in Syn_Flooder for 30 min and dropped while listed.
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
# Port-scan detection (psd weight threshold 21 within 3 s, low/high port
# weights 3/1); offenders are listed for a week and dropped.
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
# ICMP to the router is handled by the ICMP chain further down. This jump
# precedes the bridge ICMP accept near the end, so LAN pings also go through
# the ICMP chain.
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
# NOTE(review): this fence is enabled (the script1 copy has disabled=yes) and
# matches dst-port=8291, but /ip service moves WinBox to TCP 81, so it
# protects nothing; meanwhile the "support" list has no entries here, so
# !support matches everyone. Align the port with /ip service (81) only after
# the support list holds the admin subnet, or WinBox will be locked out for
# the LAN too, because this rule sits above the bridge accept.
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
PORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!support
# NOTE(review): DNS is accepted from any source (here and the TCP rule
# below). With allow-remote-requests=yes in /ip dns this is an open resolver
# on the uplinks; restrict to in-interface=bridge and the PPPoE subscriber
# interfaces.
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
# Forward chain: ICMP through the ICMP chain, no traffic towards bogons, and
# no outbound SMTP from listed spammers (the list is only populated by the
# rule set inside script1).
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
# Stateful accepts for the router itself.
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
# "support" has no entries in this export, so this accept is currently inert.
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
# Everything arriving on the bridge is accepted here, which makes the two
# port-specific LAN accepts below redundant (WebFig/www is disabled in
# /ip service anyway).
add action=accept chain=input comment=\
"Accept all connections from local network" in-interface=bridge
add action=accept chain=input comment="Accept WinBox Access from Local" \
dst-port=81 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="Accept WebFig Access from Local" \
dst-port=80 in-interface=bridge protocol=tcp src-address=192.168.88.0/24
# ICMP chain: echo reply, time exceeded, destination unreachable and PMTUD are
# accepted, everything else is dropped.
# NOTE(review): there is no accept for echo request (8:0) - compare script1,
# which adds one rate-limited to 1/s with burst 5 - so pings to the router
# are dropped from every side, LAN included. The output chain also jumps
# here; if router-originated echo requests traverse it they are dropped too,
# which would interfere with check-gateway=ping in /ip route - verify.
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
# RADIUS (1812) from the LAN. NOTE(review): matched as TCP with src-port=1812;
# RADIUS runs over UDP, so this rule most likely never matches. Harmless only
# because the bridge accept above already covers it.
add action=accept chain=input connection-state=new connection-type="" \
dst-port=1812 in-interface=bridge protocol=tcp src-port=1812
# Unreachable for ICMP: the input jump above already sent bridge ICMP into the
# ICMP chain.
add action=accept chain=input connection-state=new in-interface=bridge \
protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp
# NOTE(review): terminal drop disabled => input chain is default-accept. Every
# listener not explicitly dropped above (WinBox on 81, the web proxy on 53281,
# DNS, SNMP, RADIUS CoA on 1700) is reachable from ISP1/ISP2. Before enabling
# it: put the admin subnet in "support", and make sure the accepts cover
# established/related, the bridge, and the PPPoE subscriber interfaces (their
# sessions arrive on dynamic <pppoe-...> interfaces, not on bridge).
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes
# Packet/connection marks for the queue tree and for PCC dual-WAN routing.
# All rules run in prerouting, i.e. on traffic arriving from the bridge, the
# PPPoE subscriber interfaces and the DSL uplinks alike.
# NOTE(review): the "-out" packet-mark rules for admin, streaming video, http
# and games carry no interface/address match and sit after their "-in"
# counterparts with passthrough=yes, so the "-in" mark is replaced by "-out"
# on every packet of those connections. Add src-address-list=internal-nets
# (or in-interface=bridge) to the "-out" rules if the direction split matters.
# NOTE(review): customer-servers and external-nets have no entries in this
# export; rules matching on them only fire if the lists are populated
# elsewhere.
/ip firewall mangle
# LAN-to-LAN traffic.
add action=mark-packet chain=prerouting comment=\
"internal-traffic packet mark" dst-address-list=internal-nets \
new-packet-mark=internal-traffic passthrough=yes src-address-list=\
internal-nets
# Customer servers in/out (list not defined in this export).
add action=mark-packet chain=prerouting comment=\
"customer-servers-out packet mark" new-packet-mark=customer-servers-out \
passthrough=yes src-address-list=customer-servers
add action=mark-packet chain=prerouting comment=\
"customer-servers-in packet mark" dst-address-list=customer-servers \
new-packet-mark=customer-servers-in passthrough=yes
# "admin" class: DNS replies and SNMP arriving on DSL 1, remote-management
# connections, and ICMP from the LAN.
add action=mark-packet chain=prerouting comment="admin-in packet mark DNS" \
in-interface="ether1-gateway DSL 1" new-packet-mark=admin-in passthrough=\
yes protocol=udp src-port=53
add action=mark-packet chain=prerouting comment="admin-in packet mark snmp" \
dst-port=161 in-interface="ether1-gateway DSL 1" new-packet-mark=admin-in \
passthrough=yes protocol=udp
# NOTE(review): this port list uses the defaults (8291 WinBox, 22 ssh), but
# /ip service moves WinBox to 81 and ssh to 2222, so management sessions to
# this router are not marked admin.
add action=mark-connection chain=prerouting comment=\
"Remote Protocols admin connection mark" new-connection-mark=admin \
passthrough=yes port=20,21,22,23,3389,8291 protocol=tcp
add action=mark-connection chain=prerouting comment=\
"icmp connection mark as admin" new-connection-mark=admin passthrough=yes \
protocol=icmp src-address-list=internal-nets
add action=mark-packet chain=prerouting comment="admin-in packet mark" \
connection-mark=admin in-interface="ether1-gateway DSL 1" \
new-packet-mark=admin-in passthrough=yes
add action=mark-packet chain=prerouting comment="admin-out packet mark" \
connection-mark=admin new-packet-mark=admin-out passthrough=yes
# Streaming video. NOTE(review): nothing in this export sets
# connection-mark=streaming-video, so these two rules (and queue1 in
# /queue tree) never match unless that mark is applied elsewhere.
add action=mark-packet chain=prerouting comment=\
"streaming video in packet mark" connection-mark=streaming-video \
in-interface="ether1-gateway DSL 1" new-packet-mark=streaming-video-in \
passthrough=yes
add action=mark-packet chain=prerouting comment=\
"streaming video out packet mark" connection-mark=streaming-video \
new-packet-mark=streaming-video-out passthrough=yes
# HTTP/HTTPS from the LAN. Once a connection passes 5,000,000 bytes it is
# re-marked http-download and no longer matches the http-in/http-out packet
# rules below (so large downloads leave the HTTP queue).
add action=mark-connection chain=prerouting comment=\
"http traffic connection mark" dst-port=80,443 new-connection-mark=http \
passthrough=yes protocol=tcp src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"http traffic connection mark" connection-bytes=5000000-4294967295 \
dst-port=80,443 new-connection-mark=http-download passthrough=yes \
protocol=tcp src-address-list=internal-nets
add action=mark-packet chain=prerouting comment="http in packet mark" \
connection-mark=http in-interface="ether1-gateway DSL 1" new-packet-mark=\
http-in passthrough=yes
add action=mark-packet chain=prerouting comment="http out packet mark" \
connection-mark=http new-packet-mark=http-out passthrough=yes
# Game connection marks (TCP from the LAN, keyed on destination port).
add action=mark-connection chain=prerouting comment=\
"wow connetion mark as gaming" dst-port=\
1119,3724,6112-6114,4000,6881-6999 new-connection-mark=games passthrough=\
yes protocol=tcp src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"eve online connetion mark as gaming" dst-address=87.237.38.200 \
new-connection-mark=games passthrough=yes src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"starcraft 2 connetion mark as gaming" dst-port=1119 new-connection-mark=\
games passthrough=yes protocol=tcp src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"heros of newerth connetion mark as gaming" dst-port=11031,11235-11335 \
new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
internal-nets
add action=mark-connection chain=prerouting comment=\
"steam connetion mark as gaming" dst-port=27014-27050 \
new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
internal-nets
add action=mark-connection chain=prerouting comment=\
"xbox live connetion mark as gaming" dst-port=3074 new-connection-mark=\
games passthrough=yes protocol=tcp src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"ps3 online connetion mark as gaming" dst-port=5223 new-connection-mark=\
games passthrough=yes protocol=tcp src-address-list=internal-nets
add action=mark-connection chain=prerouting comment=\
"wii online connetion mark as gaming" dst-port=28910,29900,29901,29920 \
new-connection-mark=games passthrough=yes protocol=tcp src-address-list=\
internal-nets
# Game packet marks, mostly UDP keyed on source port towards external-nets
# (empty here, see note above).
add action=mark-packet chain=prerouting comment=\
"games packet mark forever-saken-game" dst-address-list=external-nets \
new-packet-mark=games-in passthrough=yes src-address-list=\
forever-saken-game
add action=mark-packet chain=prerouting comment=\
"games packet mark starcraft2" dst-address-list=external-nets \
new-packet-mark=games-in passthrough=yes protocol=udp src-port=1119,6113
add action=mark-packet chain=prerouting comment="games packet mark wow" \
dst-address-list=external-nets new-packet-mark=games-in passthrough=yes \
protocol=udp src-port=53,3724
add action=mark-packet chain=prerouting comment="games packet mark HoN" \
dst-address-list=external-nets new-packet-mark=games-in passthrough=yes \
protocol=udp src-port=11031,11235-11335
# The only games-in rule with passthrough=no: a match here ends mangle
# processing for that packet.
add action=mark-packet chain=prerouting comment="games packet mark steam in" \
dst-address-list=external-nets new-packet-mark=games-in passthrough=no \
port=4380,28960,27000-27030 protocol=udp
# Ports 4380 and 28960 appear twice in this list; harmless.
add action=mark-packet chain=prerouting comment="games packet mark steam out" \
dst-port=53,1500,3005,3101,3478,4379-4380,4380,28960,27000-27030,28960 \
new-packet-mark=games-out passthrough=yes protocol=udp src-address-list=\
internal-nets
add action=mark-packet chain=prerouting comment="games packet mark xbox live" \
dst-address-list=external-nets new-packet-mark=games-in passthrough=yes \
protocol=udp src-port=88,3074,3544,4500
add action=mark-packet chain=prerouting comment=\
"games packet mark ps3 online" dst-address-list=external-nets \
new-packet-mark=games-in passthrough=yes protocol=udp src-port=\
3478,3479,3658
add action=mark-packet chain=prerouting comment="games packet mark in" \
connection-mark=games dst-address-list=external-nets new-packet-mark=\
games-in passthrough=yes
add action=mark-packet chain=prerouting comment="games packet mark out" \
connection-mark=games new-packet-mark=games-out passthrough=yes
# VoIP: TeamSpeak (UDP 9987), Ventrilo (3784), SIP (5060/5004), RTP.
add action=mark-packet chain=prerouting comment=\
"voip-in packet mark teamspeak" dst-address-list=external-nets \
new-packet-mark=voip-in passthrough=yes protocol=udp src-port=9987
add action=mark-packet chain=prerouting comment=\
"voip-out packet mark teamspeak" dst-port=9987 new-packet-mark=voip-out \
passthrough=yes protocol=udp src-address-list=internal-nets
# NOTE(review): exact duplicate of the "voip-in packet mark teamspeak" rule
# above (same match, same mark) despite its comment; it can be removed.
add action=mark-packet chain=prerouting comment=\
"voip-out packet mark teamspeak" dst-address-list=external-nets \
new-packet-mark=voip-in passthrough=yes protocol=udp src-port=9987
add action=mark-packet chain=prerouting comment=\
"voip-in packet mark ventrilo" dst-address-list=external-nets \
new-packet-mark=voip-in passthrough=yes protocol=udp src-port=3784
add action=mark-packet chain=prerouting comment=\
"voip-out packet mark ventrilo" dst-port=3784 new-packet-mark=voip-out \
passthrough=yes protocol=udp src-address-list=internal-nets
add action=mark-packet chain=prerouting comment=\
"voip-in packet mark ventrilo" dst-address-list=external-nets \
new-packet-mark=voip-in passthrough=yes protocol=tcp src-port=3784
add action=mark-packet chain=prerouting comment=\
"voip-out packet mark ventrilo" dst-port=3784 new-packet-mark=voip-out \
passthrough=yes protocol=tcp src-address-list=internal-nets
# SIP signalling; "port=" matches either source or destination port.
add action=mark-packet chain=prerouting comment="voip-in packet mark SIP" \
dst-address-list=internal-nets new-packet-mark=voip-in passthrough=yes \
port=5060 protocol=tcp
add action=mark-packet chain=prerouting comment="voip-out packet mark SIP" \
new-packet-mark=voip-out passthrough=yes port=5060 protocol=tcp \
src-address-list=internal-nets
add action=mark-packet chain=prerouting comment="voip-in packet mark udp SIP" \
dst-address-list=internal-nets new-packet-mark=voip-in passthrough=yes \
port=5004,5060 protocol=udp
add action=mark-packet chain=prerouting comment=\
"voip-out packet mark udp SIP" new-packet-mark=voip-out passthrough=yes \
port=5004,5060 protocol=udp src-address-list=internal-nets
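# RTP media (UDP 16348-32768, 100-400 byte packets) in both directions.
# Inbound: destined to the LAN -> voip-in.
add action=mark-packet chain=prerouting comment="voip-in packet mark RTP" \
dst-address-list=internal-nets new-packet-mark=voip-in packet-size=\
100-400 passthrough=yes port=16348-32768 protocol=udp
# Outbound: sourced from the LAN -> voip-out. This rule previously set
# new-packet-mark=voip-in (copied from the inbound rule), so outbound RTP never
# received voip-out; every other voip-out rule in this chain uses voip-out.
# NOTE(review): the range starts at 16348; the conventional RTP range starts at
# 16384 - confirm which the phones use.
add action=mark-packet chain=prerouting comment="voip-out packet mark RTP" \
new-packet-mark=voip-out packet-size=100-400 passthrough=yes port=\
16348-32768 protocol=udp src-address-list=internal-nets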
# VPN traffic: GRE, ESP, IKE/L2TP/NAT-T UDP ports and PPTP control. "-in"
# rules are tied to DSL 1 arrivals; "-out" rules have no direction match.
# NOTE(review): the UDP and PPTP "-out" rules match on src-port; IKE, L2TP
# and NAT-T peers normally use the same port on both ends so this usually
# works, but dst-port= would be the safer match for LAN-originated traffic.
add action=mark-packet chain=prerouting comment="vpn-in packet mark GRE" \
in-interface="ether1-gateway DSL 1" new-packet-mark=vpn-in passthrough=\
yes protocol=gre
add action=mark-packet chain=prerouting comment="vpn-out packet mark GRE" \
new-packet-mark=vpn-out passthrough=yes protocol=gre
add action=mark-packet chain=prerouting comment="vpn-in packet mark ESP" \
in-interface="ether1-gateway DSL 1" new-packet-mark=vpn-in passthrough=\
yes protocol=ipsec-esp
add action=mark-packet chain=prerouting comment="vpn-out packet mark ESP" \
new-packet-mark=vpn-out passthrough=yes protocol=ipsec-esp
add action=mark-packet chain=prerouting comment=\
"vpn-in packet mark VPN UDP ports" in-interface="ether1-gateway DSL 1" \
new-packet-mark=vpn-in passthrough=yes protocol=udp src-port=\
500,1701,4500
add action=mark-packet chain=prerouting comment=\
"vpn-out packet mark VPN UDP ports" new-packet-mark=vpn-out passthrough=\
yes protocol=udp src-port=500,1701,4500
add action=mark-packet chain=prerouting comment="vpn-in packet mark PPTP" \
in-interface="ether1-gateway DSL 1" new-packet-mark=vpn-in passthrough=\
yes protocol=tcp src-port=1723
add action=mark-packet chain=prerouting comment="vpn-out packet mark PPTP" \
new-packet-mark=vpn-out passthrough=yes protocol=tcp src-port=1723
# PCC load balancing: bridge traffic is split into two buckets by source
# address+port; bucket 0 is routed via to_ISP1, bucket 1 via to_ISP2
# (marked routes in /ip route). passthrough=no ends mangle processing here.
# LAN-destined traffic is kept in the main table by /ip route rule.
# NOTE(review): only in-interface=bridge is classified; PPPoE subscriber
# traffic arrives on dynamic <pppoe-...> interfaces and therefore follows the
# unmarked default routes (ISP1, failover to ISP2) without load balancing.
add action=mark-routing chain=prerouting in-interface=bridge \
new-routing-mark=to_ISP1 passthrough=no per-connection-classifier=\
src-address-and-port:2/0
add action=mark-routing chain=prerouting in-interface=bridge \
new-routing-mark=to_ISP2 passthrough=no per-connection-classifier=\
src-address-and-port:2/1
# Source NAT: masquerade everything leaving via either PPPoE uplink.
# to-addresses=0.0.0.0 on the first rule appears to be an exported default
# and has no effect with masquerade.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ISP1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ISP2
# NOTE(review): the web proxy is enabled on TCP 53281 with anonymous=yes and
# caching off (max-cache-size=none). No /ip proxy access rules appear in this
# export, nothing in /ip firewall filter restricts 53281, and the input
# chain's final drop is disabled - so this is an open proxy reachable from
# the DSL uplinks. Add /ip proxy access rules denying everything except
# 192.168.88.0/24 (or a filter rule dropping 53281 from ISP1/ISP2), or
# disable the proxy if it is unused.
/ip proxy
set anonymous=yes enabled=yes max-cache-size=none port=53281
# Dual-WAN routing. The marked routes (to_ISP1/to_ISP2) serve the PCC split
# from /ip firewall mangle; the unmarked routes prefer ISP1 (distance 1) with
# ISP2 as failover (distance 2). check-gateway=ping withdraws a route when its
# gateway stops answering pings.
/ip route
add check-gateway=ping distance=1 gateway=ISP1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=ISP2 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=ISP1
add check-gateway=ping distance=2 gateway=ISP2
# Host route to a PPPoE subscriber: the gateway is the dynamic session
# interface (named after the subscriber login), so the route is only valid
# while that session is up.
add distance=1 dst-address=192.168.88.3/32 gateway=\
<pppoe-attamohamed@spiderweb>
add distance=1 dst-address=192.168.88.50/32 gateway=bridge
# Keep LAN-destined traffic in the main table even when it carries a PCC
# routing mark (to_ISP1/to_ISP2).
/ip route rule
add action=lookup-only-in-table dst-address=192.168.88.0/24 table=main
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled;
# only WinBox is on, moved to TCP 81 (ssh is pre-set to 2222 for when it is
# re-enabled).
# NOTE(review): winbox has no address= restriction, and the filter rule meant
# to fence WinBox matches dst-port=8291 rather than 81; with the input chain's
# final drop disabled, WinBox on 81 is reachable from the DSL uplinks. Add
# address=192.168.88.0/24 here and/or align the filter rule with port 81.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes port=2222
set api disabled=yes
set winbox port=81
set api-ssl disabled=yes
# PPP authentication via RADIUS. The RADIUS server address is the router's
# own bridge address (192.168.88.2), presumably the local User Manager.
# NOTE(review): /radius incoming accepts CoA/disconnect requests on UDP 1700;
# no filter rule restricts that port and the input chain's final drop is
# disabled, so only the shared secret (not in this export) protects it. Add a
# filter rule limiting 1700 to 192.168.88.2 / in-interface=bridge.
/ppp aaa
set use-radius=yes
/radius
add address=192.168.88.2 service=ppp
/radius incoming
set accept=yes port=1700
# Fixed time zone (no autodetect). Log timestamps follow this zone.
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Johannesburg
# Boot messages on the console are kept visible.
/system routerboard settings
set silent-boot=no
# NOTE(review): script1 re-creates most of the /ip firewall filter rule set
# and carries two rules the live config lacks: "Add Spammers to the list for
# 3 hours" (the only thing that populates the spammers list) and a
# rate-limited "Echo request - Avoiding Ping Flood" accept. Running it appends
# duplicates of the rules already present rather than replacing them. Its
# policy list (ftp, reboot, password, sniff, sensitive, ...) is far broader
# than the read/write it needs to add firewall rules; trim it to what the
# script actually uses.
/system script
add name=script1 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/ip fir\
ewall filter\r\
\n\r\
\nadd action=drop chain=input comment=\"Drop to syn flood list\" disabled=\
no src-address-list=Syn_Flooder\r\
\nadd action=add-src-to-address-list address-list=Port_Scanner address-lis\
t-timeout=1w chain=input comment=\"Port Scanner Detect\"\r\
\ndisabled=no protocol=tcp psd=21,3s,3,1\r\
\nadd action=drop chain=input comment=\"Drop to port scan list\" disabled=\
no src-address-list=Port_Scanner\r\
\nadd action=jump chain=input comment=\"Jump for icmp input flow\" disable\
d=no jump-target=ICMP protocol=icmp\r\
\nadd action=drop chain=input\r\
\ncomment=\"Block all access to the winbox - except to support list # DO N\
OT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST\"\r\
\ndisabled=yes dst-port=8291 protocol=tcp src-address-list=!support\r\
\nadd action=jump chain=forward comment=\"Jump for icmp forward flow\" dis\
abled=no jump-target=ICMP protocol=icmp\r\
\nadd action=drop chain=forward comment=\"Drop to bogon list\" disabled=no\
\_dst-address-list=bogons\r\
\nadd action=add-src-to-address-list address-list=spammers address-list-ti\
meout=3h chain=forward comment=\"Add Spammers to the list for 3 hours\"\r\
\nconnection-limit=30,32 disabled=no dst-port=25,587 limit=30/1m,0 protoco\
l=tcp\r\
\nadd action=drop chain=forward comment=\"Avoid spammers action\" disabled\
=no dst-port=25,587 protocol=tcp src-address-list=spammers\r\
\nadd action=accept chain=input comment=\"Accept DNS - UDP\" disabled=no p\
ort=53 protocol=udp\r\
\nadd action=accept chain=input comment=\"Accept DNS - TCP\" disabled=no p\
ort=53 protocol=tcp\r\
\nadd action=accept chain=input comment=\"Accept to established connection\
s\" connection-state=established\r\
\ndisabled=no\r\
\nadd action=accept chain=input comment=\"Accept to related connections\" \
connection-state=related disabled=no\r\
\nadd action=accept chain=input comment=\"Full access to SUPPORT address l\
ist\" disabled=no src-address-list=support\r\
\nadd action=drop chain=input comment=\"Drop anything else! # DO NOT ENABL\
E THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED\"\r\
\ndisabled=yes\r\
\nadd action=accept chain=ICMP comment=\"Echo request - Avoiding Ping Floo\
d\" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp\r\
\nadd action=accept chain=ICMP comment=\"Echo reply\" disabled=no icmp-opt\
ions=0:0 protocol=icmp\r\
\nadd action=accept chain=ICMP comment=\"Time Exceeded\" disabled=no icmp-\
options=11:0 protocol=icmp\r\
\nadd action=accept chain=ICMP comment=\"Destination unreachable\" disable\
d=no icmp-options=3:0-1 protocol=icmp\r\
\nadd action=accept chain=ICMP comment=PMTUD disabled=no icmp-options=3:4 \
protocol=icmp\r\
\nadd action=drop chain=ICMP comment=\"Drop to the other ICMPs\" disabled=\
no protocol=icmp\r\
\nadd action=jump chain=output comment=\"Jump for icmp output\" disabled=n\
o jump-target=ICMP protocol=icmp"
# Interface graphing for the bridge (kept in memory only, not on disk).
/tool graphing interface
add interface=bridge store-on-disk=no
# Traffic monitor on the DSL 1 port with threshold=0; no on-event script is
# set in this export, so it currently triggers nothing visible.
/tool traffic-monitor
add interface="ether1-gateway DSL 1" name=tmon1 threshold=0
